EC-Council CEH Exam Questions

Page 10 of 65

181.

What is the primary motivation behind a hacktivist's actions?

  • To promote or advance a political or social cause

  • To find and exploit vulnerabilities for financial gain

  • To vandalize or deface websites for fun

  • To improve system security by finding and fixing vulnerabilities

Correct answer: To promote or advance a political or social cause

Hacktivists usually use their hacking skills to advance a political or social cause. Denial of service attacks are common tactics used by hacktivists to make their agenda known. 

Financial gain is generally the motivation behind a black hat hacker. While hacktivists may deface or vandalize websites, they are usually doing it for a cause and not just for fun. Those doing it for fun could be attributed to script kiddies or vandals. White hat hackers, or ethical hackers, are those who seek to improve the security of systems by finding and fixing vulnerabilities. 

182.

How can code reviews and static analysis tools contribute to defending against SQL injection?

  • By identifying and highlighting potential code vulnerabilities

  • By optimizing the syntax of SQL queries for better readability

  • By automatically rewriting SQL queries to use the latest SQL standards

  • By creating a database schema that is resistant to injections

Correct answer: By identifying and highlighting potential code vulnerabilities

Code reviews and static analysis tools contribute to defending against SQL injection by systematically examining the source code to identify and highlight potential vulnerabilities, such as places where user input is not properly sanitized or parameterized. This proactive approach allows developers to fix issues before the application goes into production. 

Code reviews and static analysis tools are not primarily used for optimizing readability, rewriting queries to meet standards, or creating injection-resistant schemas but rather for vulnerability detection and prevention.

183.

Why is error message handling considered a crucial aspect of defending against SQL injection?

  • Detailed error messages can provide attackers with insights into the database structure

  • Error messages can be used to reverse-engineer user credentials

  • Custom error pages are more user-friendly and improve the user experience

  • Handling error messages can prevent the database from crashing

Correct answer: Detailed error messages can provide attackers with insights into the database structure

Proper error message handling is crucial in defending against SQL injection because detailed error messages can inadvertently provide attackers with information about the database structure or give clues on how to craft successful SQL injection attacks. 

While custom error pages may improve user experience and error handling can prevent crashes, these are not the primary reasons for managing error messages in the context of SQL injection defense. Error messages are not able to be used to reverse-engineer user credentials. 

184.

What technique involves comparing a suspicious file's hash value against known malware signatures?

  • Signature-based detection

  • Behavioral analysis

  • Heuristic analysis

  • Anomaly detection

Correct answer: Signature-based detection

Signature-based detection involves comparing hashes or patterns of suspicious files against a database of known malware signatures. If there's a match, the file is likely to be malicious. 

Behavioral analysis observes the behavior of a file during execution, heuristic analysis looks for known malicious activities or traits, and anomaly detection identifies deviations from established norms.

185.

You want to view a company's annual report on EDGAR to get an overview of the business. What is the name given to the annual report on EDGAR?

  • 10-K

  • 10-Q

  • 11-K

  • 17-H

Correct answer: 10-K

The Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system stores all public filings associated with a company. The annual reports, called 10-K, provide an overview of the business. 

Quarterly reports on EDGAR are called 10-Qs. An 11-K form provides information about employee stock options and plans.  A 17-H form is a risk assessment for brokers and dealers. 

186.

What role does identity and access management (IAM) play in cloud security?

  • It manages digital identities and controls user access to resources

  • It guarantees data encryption at all times

  • It offers uninterrupted data availability

  • It acts as a backup service for data storage

Correct answer: It manages digital identities and controls user access to resources

Identity and Access Management (IAM) in cloud security is essential for ensuring that the right individuals have access to the appropriate resources at the right times for the right reasons. IAM systems provide tools for identifying, authenticating, and authorizing individuals or groups of individuals to have access to applications, systems, or networks by associating user rights and restrictions with established identities. 

IAM does not deal with encryption, data availability, or backup services.

187.

Maintaining access within a network is also known as which of the following?

  • Persistence

  • Enumeration

  • Footprinting

  • Privilege escalation 

Correct answer: Persistence

Once an attacker has gained access to a target, they typically want to keep and maintain that access. This is known as persistence. 

Enumeration and footprinting both refer to different types of information gathering techniques. Privilege escalation is the act of obtaining administrator privileges. 

188.

In social media footprinting, what can be inferred by analyzing a target's posts, likes, and comments?

  • Personal interests, locations, and activities

  • The target's computer specifications

  • The target’s password

  • The security configuration of the target's network

Correct answer: Personal interests, locations, and activities

Analyzing posts, likes, and comments can disclose personal information, including interests, location history, and activities. This is because individuals tend to post about places they frequently visit or their favorite hobbies. 

The other options are typically not determinable from social media activity analysis.

189.

What misconfiguration may result in exposing sensitive user data if error messages disclose too much information to end-users?

  • Verbose error messages

  • Poor patch management 

  • Design flaws 

  • Third-party integrations

Correct answer: Verbose error messages

Verbose error messages can lead to the inadvertent disclosure of sensitive information, making them a type of misconfiguration. They might provide attackers with insights into the internal workings of a system or database details. 

Poor patch management is related to software not being updated or patched. Design flaws are inherent issues in how a system or application was created. Third-party integrations refer to risks introduced through external software or vendor integrations. 

190.

What is the block size used by the DES encryption algorithm?

  • 64 bits

  • 56 bits

  • 128 bits

  • 256 bits

Correct answer: 64 bits

Data Encryption Standard (DES) is a long depreciated encryption algorithm that encrypts data in blocks of 64 bits, which was a standard block size for symmetric key algorithms of its era. 

The key length is effectively 56 bits, not the block size. 128 bits and 256 bits are block sizes that are commonly associated with the AES encryption standard, not DES.

191.

Which of the following attack types relies on embedding malicious scripts into web pages viewed by other users?

  • Cross-site scripting

  • DoS

  • Smurf attack

  • Brute force

Correct answer: Cross-site scripting 

Of the given options, only cross-site scripting (XSS) relies on embedding malicious scripts in web pages viewed by other users. XSS attacks inject a code fragment from a scripting language into an input field so that it executes in the browser of a user visiting the site. There are multiple types of XSS attacks, such as reflected XSS or stored XSS. 

Denial of Service (DoS) attacks, smurf attacks, and brute force attacks do not involve embedding malicious scripts in web pages.

192.

How can an attacker exploit application logic flaws in a web application?

  • By performing unexpected sequences of actions

  • By adhering to the application's workflow

  • By using strong authentication methods

  • By avoiding error messages

Correct answer: By performing unexpected sequences of actions

Attackers exploit application logic flaws by performing unexpected sequences of actions that the application isn't programmed to handle properly. This leads to unauthorized access and functionality. 

Adhering to the workflow would not exploit a flaw, and using strong authentication methods is a defensive strategy. Avoiding error messages does not exploit logic flaws.

193.

You want to dump the DNS cache on a Windows system, and you already have access to the command line. Which command should you run?

  •  ipconfig /displaydns

  • nslookup

  • ipconfig /showcache

  • nslookup /dnscache

Correct answer: ipconfig /displaydns

Windows systems cache values, and they can be dumped using the ipconfig /displaydns command. 

The nslookup program is a DNS lookup tool but can't be used to dump the cache on a Windows system. Ipconfig /showcache and nslookup /dnscache are not valid commands. 

194.

In disk encryption, what is the role of the Trusted Platform Module (TPM)?

  •  A TPM is a dedicated microcontroller that securely stores keys, passwords, and digital certificates

  • A TPM enhances the speed of encryption algorithms

  • A TPM increases disk storage capacity

  • A TPM is used to partition the disk

Correct answer: A TPM is a dedicated microcontroller that securely stores keys, passwords, and digital certificates

The Trusted Platform Module (TPM) is a hardware-based solution for secure generation and storage of cryptographic keys, passwords, and digital certificates, which can be used to authenticate the platform and provide integrity to the boot process and software. 

The TPM is not designed for improving speed, increasing storage, or managing disk partitions.

195.

What is an advantage of using automated fuzzing tools for web server security testing?

  • They can rapidly execute a large number of tests, increasing the likelihood of discovering vulnerabilities

  • They require minimal setup and no prior knowledge of the system's architecture

  • They guarantee the detection of all possible vulnerabilities within the server

  • They provide a detailed and user-friendly guide for manual penetration testing

Correct answer: They can rapidly execute a large number of tests, increasing the likelihood of discovering vulnerabilities

The advantage of using automated fuzzing tools for web server security testing is that they can rapidly execute a large number of tests, which increases the likelihood of discovering vulnerabilities. These tools can perform extensive testing in a relatively short amount of time, which would be impractical to conduct manually. 

Fuzzing tools do not guarantee the detection of all vulnerabilities, typically require some setup and understanding of the system, and are not designed to provide guidance for manual testing.

196.

What is the term used to describe a network device that allows wireless devices to connect to a wired network using Wi-Fi or related standards?

  • Access Point

  • Repeater

  • Bridge

  • Modem

Correct answer: Access Point

An Access Point (AP) acts as a central transmitter and receiver of wireless radio signals. Mainstream wireless APs support Wi-Fi and are used in homes, public internet hotspots, and business networks to accommodate wireless mobile devices. 

The repeater is used to extend the range of a wireless signal, a bridge connects two different networks together, and a modem modulates and demodulates signals for communication over phone lines.

197.

What type of attack is particularly relevant to serverless computing due to the use of multiple loosely coupled services?

  • Cross-service attack

  • Distributed Denial of Service (DDoS)

  • Injection attacks

  • Man-in-the-middle (MITM)

Correct answer: Cross-service attack

A cross-service attack is particularly relevant to serverless computing because it often involves multiple loosely coupled services, and an attacker can exploit vulnerabilities in one service to compromise or affect another service.

Distributed Denial of Service  (DDoS) isn't specific to serverless computing, as it can affect any internet-facing service. Man-in-the-Middle (MITM) attacks involve intercepting communication between two parties, which is not specific to serverless computing. Injection attacks are a broad category of attacks that could be relevant to serverless computing but do not specifically target the loosely coupled nature of serverless services like cross-service attacks do.

198.

Which attack seeks to establish a connection back to the attacker, allowing for remote control over a compromised system?

  •  Reverse shell

  • Ping sweep

  • Spoofing

  • Session hijacking

Correct answer: Reverse shell

A reverse shell, also known as a remote shell or connect-back shell, takes advantage of the target system's vulnerabilities to initiate a shell session and then access the victim's computer. It establishes a connection from the compromised system back to the attacker's system, granting remote control capabilities. 

A ping sweep is a method used to determine live hosts in a network. Spoofing refers to masquerading as another entity. Session hijacking deals with taking over an existing user session.

199.

Which tool can be used to emulate an SSL/TLS client or server, which can be helpful in testing IDS evasion using encrypted channels? 

  • OpenSSL

  • Stunnel

  • Dns2tcp

  • Hping3

Correct answer: OpenSSL

OpenSSL provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. 

Stunnel provides an SSL encryption wrapper, Dns2tcp tunnels through DNS, and Hping3 crafts packets.

200.

What is the primary purpose of the Diffie-Hellman key exchange algorithm in secure communications?

  • To securely exchange cryptographic keys over a public channel

  • To encrypt and decrypt messages using a symmetric key

  • To provide digital signatures for non-repudiation

  • To generate hash values for message integrity

Correct answer: To securely exchange cryptographic keys over a public channel

The Diffie-Hellman key exchange algorithm's primary purpose is to allow two parties to securely exchange cryptographic keys over a public channel. This enables them to communicate privately using a symmetric key they both possess without the key being intercepted by eavesdroppers.

It is not used to encrypt or decrypt messages, but rather, it facilitates the secure exchange of keys that can then be used for encryption. Diffie-Hellman does not provide digital signatures for non-repudiation, as it is not involved in the authentication of messages or parties. Diffie-Hellman is not responsible for generating hash values for message integrity.